Sorry about the delayed response - got pulled away by kids, and then timezone lag crept up on me 😉 So let's say I have the following configuration:
• Project: BaseInfra
◦ Stack: environment1
◦ Stack: environment2
Now - the environmentX stacks in BaseInfra are only there to create and manage the top-level resources as it stands today - basically everything from kubernetes clusters and pools (but not contents), networking, storage, security, etc.
What I'm planning on adding is a capability to dynamically assign permissions to users for certain resources - le't say kubernetes role access + whitelisting of the users ip in the kubernetes network config.
Given that i'm using automation (and I want this kind of thing to be timeboxed) I'll be using a separate database to store that desired state rather than pulumi stack config yaml (like I have with the environmentX stuff). Would it be better to try to merge the database config with the current stack config - or would it be better to set up environmentXaccess stacks that inherit from environmentX but are otherwise independent?